cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
528
Views
0
Helpful
2
Replies

ntpclient access and blocking by country

bbx-cisco
Level 1
Level 1

Two questions:

 

1).  In my processes table I see the following:

NameDescriptionProtocolPortLocal Address

Foreign Address

ntpclientNTP Clientudp13531(my WAN IP number)218.75.4.130

 

I have another ntpclient to the expect time server.  But the one listed above is located in CHINA, (at least the registration).  I haven't knowingly set this up.  How did it get in my Processes table and should it be a security concern?

 

2). Can entire countries be blocked?  I'm thinking it's impractical to do by registered IP ranges; is there another way?  My concern is that I have no legitimate business reason to connect with certain countries most know for sourcing hacking attacks of various types.  It seems if I block them, it can reduce the risk of successful attacks to my network.  I understand that IP can be spoofed so this would not guarantee blocking attacks originating from those countries, but if it can help to reduce attacks to my network, I would like to implement the blocking.

 

2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

You can block by country with the Sourcefire module.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-732253.html

Do I understand the recommendation correctly that to block countries is to buy more software?  I was hoping for an answer that indicates basic firewall settings to block countries.  It seems many of the routers have firewall or filter settings; that is what I was thinking about.  For example, settings for any of Cisco's line of Small Business routers.

Review Cisco Networking for a $25 gift card